use of org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer in project service-authorization by reportportal.
The class LdapAuthProvider, method getDelegate.
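/**
 * Builds the LDAP {@link AuthenticationProvider} from the single enabled LDAP configuration.
 * <p>
 * Bind (manager) credentials, group/user search settings, user DN patterns and the
 * password-compare mode are all optional and only applied when present in the configuration.
 *
 * @return the LDAP authentication provider produced by the configurer
 * @throws BadCredentialsException if no enabled LDAP configuration exists
 * @throws ReportPortalException if the configurer cannot be built
 */
@Override
protected AuthenticationProvider getDelegate() {
    LdapConfig ldap = authConfigRepository.findLdap(true)
            .orElseThrow(() -> new BadCredentialsException("LDAP is not configured"));

    DefaultSpringSecurityContextSource contextSource =
            new DefaultSpringSecurityContextSource(singletonList(ldap.getUrl()), ldap.getBaseDn());
    // Manager DN / password are optional; they are only applied when configured.
    ofNullable(ldap.getManagerPassword()).ifPresent(contextSource::setPassword);
    ofNullable(ldap.getManagerDn()).ifPresent(contextSource::setUserDn);
    contextSource.afterPropertiesSet();

    LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> builder =
            new LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>()
                    .contextSource(contextSource)
                    .ldapAuthoritiesPopulator(new NullLdapAuthoritiesPopulator())
                    .userDetailsContextMapper(
                            new DetailsContextMapper(ldapUserReplicator, ldap.getSynchronizationAttributes()));

    /*
     * Basically, groups are not used (see NullLdapAuthoritiesPopulator above); the group
     * search settings are still forwarded when configured.
     */
    ofNullable(ldap.getGroupSearchFilter()).ifPresent(builder::groupSearchFilter);
    ofNullable(ldap.getGroupSearchBase()).ifPresent(builder::groupSearchBase);
    ofNullable(ldap.getUserSearchFilter()).ifPresent(builder::userSearchFilter);

    ofNullable(ldap.getPasswordEncoderType()).ifPresent(encoderType -> {
        LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>.PasswordCompareConfigurer passwordCompare =
                builder.passwordCompare();
        if (!isNullOrEmpty(ldap.getPasswordAttribute())) {
            passwordCompare.passwordAttribute(ldap.getPasswordAttribute());
        }
        /*
         * DIRTY HACK. If LDAP's password has a salt, the ldaptemplate.compare operation does not work
         * since we don't know the server's salt.
         * To enable local password comparison, we need to provide a password encoder from the crypto package.
         * This is why we just wrap the old encoder with the new interface.
         * The new encoder cannot be used everywhere since it does not have an implementation for LDAP.
         */
        // Fail fast with a clear message: an encoder type missing from ENCODER_MAPPING would otherwise
        // only surface as a NullPointerException when the first LDAP login is attempted.
        final PasswordEncoder delegate = java.util.Objects.requireNonNull(
                ENCODER_MAPPING.get(encoderType),
                "No password encoder registered for LDAP encoder type: " + encoderType);
        builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
            @Override
            public String encode(CharSequence rawPassword) {
                return delegate.encodePassword(rawPassword.toString(), null);
            }

            @Override
            public boolean matches(CharSequence rawPassword, String encodedPassword) {
                return delegate.isPasswordValid(encodedPassword, rawPassword.toString(), null);
            }
        });
    });

    if (!isNullOrEmpty(ldap.getUserDnPattern())) {
        builder.userDnPatterns(ldap.getUserDnPattern());
    }

    try {
        // The configurer's build() is not reachable through its public API here, so it is invoked
        // reflectively; any failure (including reflection errors) is surfaced as ReportPortalException.
        return (AuthenticationProvider) Accessible.on(builder)
                .method(LdapAuthenticationProviderConfigurer.class.getDeclaredMethod("build"))
                .invoke();
    } catch (Throwable e) {
        throw new ReportPortalException("Cannot build LDAP auth provider", e);
    }
}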
use of org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer in project shinyproxy by openanalytics.
The class LDAPAuthenticationBackend, method configureAuthenticationManagerBuilder.
/**
 * Registers one LDAP authentication provider on {@code auth} for every LDAP provider
 * configuration found in the environment.
 *
 * @param auth the builder the LDAP providers are added to
 * @throws Exception propagated from context-source initialisation and configurer registration
 */
@Override
public void configureAuthenticationManagerBuilder(AuthenticationManagerBuilder auth) throws Exception {
    for (LDAPProviderConfig providerConfig : LDAPProviderConfig.loadAll(environment)) {
        // A missing or blank userDnPattern means "no DN patterns", not a single empty pattern.
        String[] dnPatterns =
                (providerConfig.userDnPattern == null || providerConfig.userDnPattern.isEmpty())
                        ? new String[0]
                        : new String[] { providerConfig.userDnPattern };

        // A blank manager DN is treated as "not configured" so the bind-credentials branch is skipped.
        if (providerConfig.managerDn != null && providerConfig.managerDn.isEmpty()) {
            providerConfig.managerDn = null;
        }

        // Manually instantiate the contextSource so it can be passed into the authoritiesPopulator below.
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(providerConfig.url);
        if (providerConfig.managerDn != null) {
            contextSource.setUserDn(providerConfig.managerDn);
            contextSource.setPassword(providerConfig.managerPassword);
        }

        boolean simpleStartTls = Boolean.parseBoolean(providerConfig.startTLS)
                || STARTTLS_SIMPLE.equalsIgnoreCase(providerConfig.startTLS);
        if (simpleStartTls) {
            // Explicitly disable connection pooling, or Spring may attempt StartTLS twice on the same connection.
            contextSource.setPooled(false);
            contextSource.setAuthenticationStrategy(new DefaultTlsDirContextAuthenticationStrategy());
        } else if (STARTTLS_EXTERNAL.equalsIgnoreCase(providerConfig.startTLS)) {
            contextSource.setAuthenticationStrategy(new ExternalTlsDirContextAuthenticationStrategy());
        }
        contextSource.afterPropertiesSet();

        // Manually instantiate the authoritiesPopulator because it uses a customized class.
        CNLdapAuthoritiesPopulator populator =
                new CNLdapAuthoritiesPopulator(contextSource, providerConfig.groupSearchBase);
        populator.setGroupRoleAttribute("cn");
        populator.setGroupSearchFilter(providerConfig.groupSearchFilter);

        new LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder>()
                .userDnPatterns(dnPatterns)
                .userSearchBase(providerConfig.userSearchBase)
                .userSearchFilter(providerConfig.userSearchFilter)
                .ldapAuthoritiesPopulator(populator)
                .contextSource(contextSource)
                .configure(auth);
    }
}